[VPN] SSL VPN

Siddhartha Jain losttoy2000 at yahoo.co.uk
Thu May 1 04:20:48 EDT 2003


Hi,

Let's examine VPN - Virtual Private Network.

Virtual as in you overlay a private network over a
public network.
Private coz the traffic should be authentic and/or
encrypted.
Network - A network would be linking more than two
hosts? Moreover, it should provide a host connectivity
to whoever joins the network.

Now look at SSL *VPN*.

Is it virtual?? Nope, you just use the public network
(internet) to create a secure session.

Yes, it's private coz it provides for authentication
and encryption.

Network - Now that's my biggest grouse over calling SSL
a VPN. Unlike an IPSec or any other network-layer based
VPN which provides a single host or multiple hosts
access to a whole network behind a VPN device, does
the SSL VPN provide the same functionality?

I think SSL VPN is just a marketing gimmick, nothing
more. Having said that, I would also like to admit
that lots of places I sold a regular VPN device
could've done by deploying plain simple SSL. But the
current marketing frenzy fed the customers with IPSec
VPN. (Sigh)

Siddhartha



 --- Chris Gripp <cgripp at automotive.com> wrote:
> I'd say remote control accessible from the internet
> without source IP filtering is generally a bad idea
> regardless of the implementation.  Anyone could just
> sit and bang away at a login prompt.  Now, hopefully
> you are using strong password policies, etc to
> mitigate the risk but it still doesn't give me a
> warm and fuzzy feeling knowing anyone could just
> keep trying till they get bored or succeed.
> 
> -Chris
> 
> -----Original Message-----
> From: Roger Qian [mailto:roger.qian at sholodge.com]
> Sent: Wednesday, April 30, 2003 8:37 AM
> To: shannong
> Cc: vpn at lists.shmoo.com
> Subject: RE: [VPN] SSL VPN
> 
> 
> How is pcANYWHERE? Same as GoToMyPc from a security
> standpoint?
> 
> Thanks,
> Roger
> 
> -----Original Message-----
> From: shannong [mailto:shannong at texas.net]
> Sent: Tuesday, April 29, 2003 7:27 PM
> Cc: vpn at lists.shmoo.com
> Subject: RE: [VPN] SSL VPN
> 
> 
> From a security standpoint, GoToMyPC is a really bad idea.
> Providing a third-party with unadulterated access to machines on
> your internal network is not taking your internal security very
> seriously.  In addition to giving that provider access, when they
> get hacked this perpetrator will have access to your PCs as well.
> GoToMyPC has HIPAA and GLBA issues which make it a legal issue in
> healthcare and finance, respectively.
> 
> 
> 
> 
> -----Original Message-----
> From: vpn-admin at lists.shmoo.com
> [mailto:vpn-admin at lists.shmoo.com] On
> Behalf Of safieradam
> Sent: Tuesday, April 29, 2003 4:03 AM
> To: Tina Bird; Bartsch, Vincent
> Cc: vpn at lists.shmoo.com
> Subject: Re: [VPN] SSL VPN
> 
> Check out www.GoToMyPC.com.  There are several similar products
> but this one is advertising heavily where I tend to go.
> 
> Adam
> 
> ----- Original Message ----- 
> From: "Tina Bird" <tbird at precision-guesswork.com>
> To: "Bartsch, Vincent" <vincent.bartsch at cubic.com>
> Cc: <vpn at lists.shmoo.com>
> Sent: Monday, April 28, 2003 10:36 PM
> Subject: Re: [VPN] SSL VPN
> 
> 
> > On Mon, 28 Apr 2003, Bartsch, Vincent wrote:
> >
> > > I am researching everything about SSL and its use as a VPN
> > > solution. I am aware of some of its limitations but I was
> > > wondering has anyone tried this: allowed an SSL connection to a
> > > web server that lets the user open a connection to a terminal
> > > server. Or can it be configured to connect to a terminal server
> > > via an SSL connection directly? Has anyone tried this, were they
> > > successful?
> >
> > Hi Vincent -- I don't have anything that will be immediately
> > useful, but we had a bit of a discussion about SSL-based VPNs.
> > The responses to my original posting included a lot of experience
> > the writers had had, so it might be very useful for you.
> >
> > http://vpn.shmoo.com -- click on SSL VPNs & Other Misc
> >
> > cheers -- tbird
> >
> > --
> > It's not the size of the key, it's the implementation of the
> > algorithm...
> >
> >                                        -- Natasha Smith
> >
> > http://www.shmoo.com/~tbird
> > Log Analysis http://www.loganalysis.org
> > VPN http://vpn.shmoo.com
> > Security Alerts http://securecomputing.stanford.edu/alert.html
> >
> > _______________________________________________
> > VPN mailing list
> > VPN at lists.shmoo.com
> > http://lists.shmoo.com/mailman/listinfo/vpn
